Lucene search
K

11636 matches found

Metasploit
Metasploit
added 2025/01/07 6:58 p.m.455 views

OneDev Unauthenticated Arbitrary File Read

This module exploits an unauthenticated arbitrary file read vulnerability CVE-2024-45309, which affects OneDev versions use auxiliary/gather/onedevarbitraryfileread msf auxiliaryonedevarbitraryfileread show actions ...actions... msf auxiliaryonedevarbitraryfileread set ACTION msf...

8.7CVSS7.3AI score0.24822EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2025/01/07 10:42 a.m.2 views

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.1CVSS7.2AI score0.005EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/01/06 9:2 a.m.3 views

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-56326: sandbox breakout through indirect reference to format method in template file. bsc1234809 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch...

8.1CVSS7.3AI score0.005EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/01/04 12:25 a.m.302 views

Exploit for Race Condition in Openbsd Openssh

Summary This is essentially a statistical vulnerability: a la...

8.1CVSS9.3AI score0.99506EPSS
Exploits68
OSV
OSV
added 2025/01/03 12:54 p.m.4 views

OESA-2025-1006 python-jinja2 security update

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...

8.8CVSS7.5AI score0.005EPSS
Exploits0References3
Veracode
Veracode
added 2025/01/03 3:24 a.m.5 views

Denial Of Service (DoS)

Django is vulnerable to a denial-of-service DoS attack. The vulnerability is due to the striptags method and striptags template filter failing to handle inputs with large sequences of nested incomplete HTML entities, allowing an attacker to perform a DoS attack with specially crafted inputs...

7.5CVSS6.4AI score0.0137EPSS
Exploits0References8Affected Software2
SUSE Linux
SUSE Linux
added 2025/01/02 8:45 a.m.5 views

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE...

8.1CVSS7.2AI score0.005EPSS
Exploits0References8
Snyk
Snyk
added 2025/01/01 6:38 a.m.2 views

Race Condition

Overview PSyclone is a PSyclone - a compiler for Finite Element/Volume/Difference DSLs in Fortran Affected versions of this package are vulnerable to Race Condition due to inadequate checks for pure procedure calls in loop parallelization. This vulnerability derives from the...

8.3CVSS6.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2025-42744

Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19 Description The Reader.ReadResponse function in the net/textproto package experiences excessive CPU consumption. Recommendations Update to a newer version of golang that contains a fix for this...

9.8CVSS9.1AI score0.00526EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.1 views

PT-2025-44223

Name of the Vulnerable Software and Affected Versions strongSwan versions 5.9.13-2ubuntu4.25.04.1 Description The strongSwan client had an incorrect handling of EAP-MSCHAPv2 failure requests. An attacker could potentially cause a denial of service, or possibly execute arbitrary code, by tricking ...

8.1CVSS7.3AI score0.00879EPSS
Exploits0References27
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-30786

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ACPICA component. A platform firmware update increasing the number of method parameters, without a corresponding update to its callers, caused...

6.8CVSS6.7AI score0.00166EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/31 12:0 a.m.5 views

PT-2024-17911 · Unknown · Electronic Official Document Management System

Name of the Vulnerable Software and Affected Versions: Electronic Official Document Management System affected versions not specified Description: The Electronic Official Document Management System has an Authentication Bypass issue. Although the product enforces an IP whitelist for the API used ...

9.8CVSS7.3AI score0.01237EPSS
Exploits0References12
CVE
CVE
added 2024/12/30 8:12 p.m.100 views

CVE-2024-11944

CVE-2024-11944 affects iXsystems TrueNAS CORE (tarfile.extractall). The flaw is lack of validation of a user-supplied path in tarfile.extractall, enabling directory traversal and remote code execution with root privileges on affected installations, exploitable by network-adjacent attacker without...

8.8CVSS7.9AI score0.01599EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/12/30 8:50 a.m.10 views

Arbitrary Code Execution

Jinja2 is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper detection in the sandboxed environment caused by an oversight in how calls to str.format are handled, allowing attackers to execute arbitrary Python code if they control the content of a template and exploit...

7.8CVSS7.5AI score0.005EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2024/12/30 4:23 a.m.8 views

CVE-2024-56745

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep, " " != NULL If there are ...

6.1CVSS6.9AI score0.00208EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/12/30 3:48 a.m.7 views

SUSE CVE-2024-56745

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...

5.5CVSS7.5AI score0.00208EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2024/12/29 2:54 p.m.16 views

CVE-2024-56692

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncatenode syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fsinvalidateblocks+0x35f/0x370...

5.5CVSS6.7AI score0.00201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/12/29 2:31 p.m.12 views

CVE-2024-53211

In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tpexitnet found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARNONONCE!idrisempty&pn-;l2tptunnelidr; idrdestroy&pn-;l2tptunnelidr; By forcing memory...

5.5CVSS6.8AI score0.00182EPSS
Exploits0References4
NVD
NVD
added 2024/12/29 12:15 p.m.18 views

CVE-2024-56745

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...

5.5CVSS0.00208EPSS
Exploits0References7
OSV
OSV
added 2024/12/29 12:15 p.m.11 views

AZL-55005 CVE-2024-56745 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...

5.5CVSS6.7AI score0.00208EPSS
Exploits0References1
Rows per page
Query Builder